Companies are investing more of their FDA spend on proactive initiatives Given so much management focus on fraud prevention, this year’s survey included 63% a new question to gauge how much of a company’s FDA activities are proactive — as opposed to merely reacting to an investigation or adverse event. The results are of respondents striking. Sixty-three percent of the respondents are investing at least half of their FDA spend on proactive monitoring initiatives. spend at least half of their FDA We believe this strong proactive stance is in response to regulatory enforcement investment on proactive initiatives concerns, as well as improved surveillance analytics and compliance monitoring offerings in the market. With governments imposing substantial monetary penalties — sometimes accompanied by prison sentences for executives — organizations have every incentive to improve their FDA programs to better prevent and detect fraud. Companies investing in proactive activities also understand the value of FDA in reducing the costs of anti-fraud programs. According to the Association of Certified Fraud Examiners’ most current Report to the Nations on Occupational Fraud and Abuse, those companies with proactive data analytics in place saw a cost per fraud incident that was 59.7% lower (roughly US$100,000 lower per incident) than those companies not using proactive data analytics — more than any other control listed in the survey. Further, the median duration of a fraud incident with respect to the presence of proactive data analytics was half the time — 12 months versus 24 months. Growing sophistication in technology and the use of data Technology maturity is also growing. The use of visualization tools has doubled since our 2014 survey. Respondents also report the increasing use of social and web monitoring tools and statistical analysis and data mining packages. Half of the respondents, however, report that their adoption of advanced analytics technologies remains immature. For example, spreadsheets are still the most common tool used to manage fraud risk, with more than three-quarters of respondents indicating their use. Clearly, there is still more work to be done. The nature, variety and complexity of structured and unstructured data is changing at an exponential rate — causing companies to rethink how they monitor rogue or noncompliant activities. The Internet of Things has added another dimension to the data. In many organizations, machines are communicating with other machines without human involvement. Employees are often communicating outside corporate networks using social media, mobile phones or web logs. All of these scenarios exemplify how traditional monitoring or investigative analytics techniques deployed a decade ago may no longer be as effective given the nature, variety and complexity of data in today’s organizations. Given that unstructured content accounts for around 90% of an organization’s digital information,1 it’s encouraging to see that 75% of respondents routinely analyze a wide range of structured and unstructured data. Businesses can yield great benefits by combining structured and unstructured data (emails, file metadata, audio and video files, etc.) in their analysis to gain a comprehensive view of their risk environment. For example, comments from sales logs can show an individual’s intent to commit a fraud, while a financial transaction can provide the evidence. 1 Unlocking the Hidden Value of Information, IDC website, www.idc.com/getdoc.jsp?containerId=prUS24993814, accessed 23 November 2015. 14 | Global Forensic Data Analytics Survey 2016